Escape parameters before using in URL

[dimitrystd]

I noticed following line in sdkUpdateEmailEditableSection.java

    public String getPath() {
        return "/asset/v1/email/" + emailId + "/content/" + contentItem.getHtmlId() + ".json";
    }

If user will create email section with name like edit !"text" i will generate wrong request URL.

DoD:

• URL encode htmlId before using in URL
• Find and fix similar places in SDK

Note:
I tested marketo and it allows such urls!

/rest/asset/v1/email/2225/content/edit !"text".json

But it also accepts valid url

/asset/v1/email/2225/content/edit%20!%22text%22.json

I could not find a solution for case edit/text. I tried to escape it edit%2Ftext and double escape edit%252Ftext but didn't help :(

[dlyash]

This needs to be verified. See, URL is not build by simple concatenation but rather using a builder:

WebTarget target = client.target(restUrl).path(command.getPath());

So, the builder may encode the final URL for you. If it's not, the right place to introduce the fix is HttpCommandExecutor.

[dlyash]

I could not find a solution for case edit/text. I tried to escape it edit%2Ftext and double escape edit%252Ftext but didn't help :(

It looks like an interesting area. For instance, Google says that some HTTP servers explicitly prohibit encoded slashes %2F in URLs. Frameworks may not work well with them either.